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SYSTEM OF ACCESSING CRYPTED DATA USING USER AUTHENTICATION 



RELATED APPLICATIONS 

The present application claims the benefit of U.S. Provisional Application No. 
5 60/094,168 entitled "SYSTEM AND METHOD FOR VOICE VERIFICATION" filed on 
July 27, 1998 by Christopher Tomes, U.S. Provisional Application No. 60/094,169 entitled 
"MULTIMEDIA VOICE VERIFICATION SYSTEM AND METHOD FOR" filed on July 
27, 1998 by Christopher Tomes, and U.S. Provisional Application No. 60/094,260 entitled 
"SYSTEM AND METHOD FOR VOICE VERIFICATION" filed on July 27, 1998 by 
10 Christopher Tomes and Greg Engelstad, the contents of each of which are hereby 
incorporated by reference herein. ' 

FIELD OF THE INVENTION 

The present invention relates to computer security and more particularly to a system 
and method for user authentication. 



1 5 BACKGROUND OF THE INVENTION 

Determining who is an authorized user of a computer resource such as a file, a 
program, or even an entire computer system, is a very important aspect of computer security. 
"User authentication" refers to the process of validating a user to verify that the user is not a 
counterfeit. 

20 The most common form of user authentication is by login and password, in which the 

user is presented with a password prompt that asks the user to input a password via the 
keyboard. The text of the password is typically encrypted and compared against an 
encrypted enrolled password in an enter for the login in a database. If the encrypted entered 
password matches the encrypted enrolled password, then the person entering the login and 

25 password is considered authenticated. 

Such key-based passwords, however, have a number of disadvantages that 
compromise security. For example, security can be affected if users employ easily guessed 
passwords such as their name, address, and birth date. Other easily guessed passwords 
include popular makes of cars such as "Ferrari" and popular television shows. Since key- 

30 based passwords are entered by the keyboard, it is relatively simple to impersonate an 



1 



NSDOCtD: <WO_0007087A1_I_> 



wo 00/07087 



PCT/US99/16880 



10 



15 



20 



25 



30 



authorized user if the password is known or easily guessed. Every key stroke is identical 
from user to user. 

Accordingly, system administrators have been recommending that users employ 
passwords that are difficult to guess, such as a word appended by arbitrary numbers or even 
randomly assigned passwords. A difficulty with hard to guess passwords is that they are 
hard to remember, so many users are tempted to write such passwords down. The security of 
a password that has been written down on paper is only as good as the physical security of 
the piece of paper. Despite frequent admonishment, a large number of users often attach 
their passwords to their computers and laptops with a sticky note. 

Other attempts to authenticate users have been developed such as fingerprint 
scanning and retina scanning. These "biometric" approaches have so far required very 
sophisticated equipment and are therefore prohibitively expensive for the typical affordable 
computer system. Consequently, biometric security has truly only been available to the 
government and major corporations and out of the reach of the common computer owner. 

What is needed is a way to authenticate a user than cannot be easily counterfeited, 
e.g. by guessing a user's self-selected key-based password, but is still easy to remember so 
that the user does not compromise security by writing the password down. There is also a 
need for an affordable user authentication system, in contrast to fingerprint and retina 
scanning, that does not have the disadvantages associated with key-based passwords. 

SUMMARY OF THE INVENTION 

These and other needs are addressed by the present invention, in which the password 
such as a user's name is spoken by the user. The present invention stems from the 
realization that a person's voice is unique and can be used to authenticate a user, even the 
user's password is known or easily guessed. Unlike fingerprint and retina scanning, voice 
verification can be readily implemented with low cost hardware, such as a microphone. 

Affordable computer security is especially important for files stored on personal 
computers and laptops, where the physical access to the personal computer and laptop is 
difficult to control. Accordingly, one aspect of the present invention relates to a method and 
program for controlling access to a file by receiving an input voice sample from a user, 
verifying that the input voice sample belongs to an enrolled user, and decrypting the file 
based on the result of the verification. Thus, two techniques are used to secure a sensitive 
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file on a computer: voice verification, which protects the file against unauthorized use (by 
inauthentic users) and file encryption, which protects the file against unauthorized access. 

Another aspect invention therefore involves a 'Vault/' in which a collection of files 
and applications are managed by voice verification and file level encryption. In some cases, 
even the knowledge of the existence of a document on a computer or laptop is sensitive. In 
one embodiment, therefore, each such file is moved to a specified directory in the vault and 
given a scrambled name to make it very difficult for a computer user to identify the file by 
name without, of course, going through the voice verification process. 

Other aspects of the invention pertain to using voice verification to launch a 
computer application and grant access to a computer system, thereby replacing the login and 
key-based password process. In fact, voice verification can be used at a private branch 
exchange to control access to the public switched telephone network, thereby reducing long- 
distance toll charges made by unauthorized individuals. 

In one embodiment, voice verification is accomplished by an initial user enrollment 
phase, in which an authorized user utters several words into a microphone. These words can 
be chosen by the user, by the system, or both. The utterances are sampled, segmented into 
frames (typically corresponding to each phone in the utterance), and processed to produce a 
voice print. This voice print may constitute an array of Cepstral, linear predictive coding, or 
other coefficients for each frame. Preferably, several utterances of the same word are 
sampled and averaged, thereby allowing for a range of normal variation in the person's voice 
to be accepted. 

During a subsequent verification phase, a user is prompted to utter the password, 
which is sampled, segmented, and processed to produce a voice print. The input voice print 
is compared with the enrolled voice print, and a dissimilarity measure is calculated. If the 
dissimilarity measure is less than a predefined threshold, then the user is considered verified. 
One feature is a slider bar that allows the user to set the security level by controlling the 
predefined threshold value. 

Occasionally, the user's voice may be very hoarse due to a sickness such as 
laryngitis. Accordingly, an alternative access method is provided in some implementation 
by user profile questions. A user profile question is a question that asks for personal 
information of user that is difficult for someone other than the user to know but 
unforgettable to the user and does not need to be written down. Examples of user profile 
questions include, "What is your mother's maiden name?" and "What is the color of your 
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first car?" Another alternative access method is a "one-time password" that is generated by 
the voice verification program and can only be used a single time. Since the one-time 
password can only be used once, the security drawbacks with committing the one-time 
password to writing is greatly attenuated. 

Still other objects and advantages of the present invention will become readily 
apparent from the following detailed description, simply by way of illustration of the best 
mode contemplated of carrying out the invention. As will be realized, the invention is 
capable of other and different embodiments and its several details are capable of 
modifications in various obvious respects, all without departing from the invention. 
Accordingly, the drawings and description are to be regarded as illustrative in nature, and not 



as restrictive. 



BRIEF DESCRIPTION OF THE DRAWINGS 

The present invention is illustrated by way of example, and not by way of limitation, 
in the figures of the accompanying drawings and in which like reference numerals refer to 
similar elements and in which: 

FIG. 1 is a schematic diagram of computer system that can be used to implement an 
embodiment of the present invention. 

FIG. 2 is a flowchart of enrolling an authorized user. 
FIG. 3A illustrates a dialog box for taking voice samples. 
FIG. 3B illustrates a dialog box for getting user profile questions and answers. 
FIG. 4 is a flowchart of authenticating a user. 
FIG. 5A illustrates a dialog box for getting a user name. 
FIG. 5B illustrates a dialog box for getting a voice sample. 
FIG. 5C illustrates a dialog box for getting user profile answers. 
FIG. 5D illustrates a dialog box for getting a one-time password. 
FIG. 6A illustrates a main application window. 
FIG. 6B illustrates a menu for file operations. 
FIG. 6C illustrates a dialog box for exporting an encrypted file. 
30 FIG. 7 is a flowchart of securing access to a file. 

FIG. 8 is a flowchart of releasing access to a file. 
FIG. 9A illustrates a menu for user options. 

FIG. 9B illustrates a dialog box for adjusting enrolled voice samples. 

4 
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FIG. 9C illustrates a dialog box for displaying a one-time password. 

DESCRIPTION OF THE PREFERRED ExMBODIMENT 

A method and system for controlling access to a resource by voice verification are 
5 described. In the following description, for purposes of explanation, numerous specific 

details are set forth in order to provide a thorough understanding of the present invention. It 
will be apparent, however, to one skilled in the an that the present invention may be 
practiced without these specific details. In other instances, well-known structures and 
devices are shown in block diagram form in order to avoid unnecessarily obscuring the 
10 present invention. 

Hardware Overview 
Figure 1 is a block diagram that illustrates a computer system 100 upon which an 
embodiment of the invention may be implemented. Computer system 100 includes a bus 
102 or other communication mechanism for communicating information, and a processor 

15 104 coupled with bus 102 for processing information. Computer system 100 also includes a 
main memory 106, such as a random access memory (RAM) or other dynamic storage 
device, coupled to bus 102 for storing information and instructions to be executed by 
processor 104. Main memory 106 also may be used for storing temporary variables or other 
intermediate information during execution of instructions to be executed by processor 104. 

20 Computer system 100 further includes a read only memory (ROM) 108 or other static 
storage device coupled to bus 102 for storing static information and instructions for 
processor 104. A storage device 110, such as a magnetic disk or optical disk, is provided 
and coupled to bus 1 ^2 for storing information and instructions. 

Computer system 100 may be coupled via bus 102 to a display 1 12, such as a cathode 

25 ray tube (CRT), for displaying information to a computer user. An input device 114, 
including alphanumeric and other keys, is coupled to bus 102 for communicating 
information and command selections to processor 104. Another type of user input device is 
cursor control 116, such as a mouse, a trackball, or cursor direction keys for communicating 
direction information and command selections to processor 104 and for controlling cursor 

30 movement on display 1 12. This input device typically has uvo degrees of freedom in two 
axes, a first axis (e.g., x) and a second axis (e.g., y), that allows the device to specify 
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positions in a plane. A microphone 1 17 is also provided for converting sounds and other 
acoustical signals into electric signals for processing by computer system 100. 

The invention is related to the use of computer system 100 for controlling access to a 
resource by voice verification. According to one embodiment of the invention, controlling 
5 access to a resource by voice verification is provided by computer system 100 in response to 
processor 104 executing one or more sequences of one or more instructions contained in 
main memory 106. Such instructions may be read into main memory 106 from another 
computer-readable medium, such as storage device 110. Execution of the sequences of 
instructions contained in main memory 106 causes processor 104 to perform the process 

1 0 steps described herein. One or more processors in a multi-processing arrangement may also 
be employed to execute the sequences of instructions contained in main memory 106. In 
alternative embodiments, hard-wired circuitry may be used in place of or in combination 
with software instructions to implement the invention. Thus, embodiments of the invention 
are not limited to any specific combination of hardware circuitry and software. 

^ ^ The term "computer-readable medium" as used herein refers to any medium that 

participates in providing instructions to processor 104 for execution. Such a medium may 
take many forms, including but not limited to, non-volatile media, volatile media, and 
transmission media. Non-volatile media include, for example, optical or magnetic disks, 
such as storage device 110. Volatile media include dynamic memory, such as main memory 

20 1 06. Transmission media include coaxial cables, copper wire and fiber optics, including the 
wires that comprise bus 102. Transmission media can also take the form of acoustic or light 
waves, such as those generated during radio frequency (RF) and infrared (IR) data 
communications. Common forms of computer-readable media include, for example, a 
floppy disk, a flexible disk, hard disk, magnetic tape, any other magnetic medium, a CD- 

25 ROM, DVD, any other optical medium, punch cards, paper tape, any other physical medium 
with patterns of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, any other 
memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from 
which a computer can read. 

Various forms of computer readable media may be involved in carrying one or more 
30 sequences of one or more instructions to processor 104 for execution. For example, the 
instructions may initially be borne on a magnetic disk of a remote computer. The remote 
computer can load the instructions into its dynamic memory and send the instructions over a 
telephone line using a modem. A modem local to computer system 100 can receive the data 

6 



JSDOCID: <WO_00070S7A1 J_> 



wo 00/07087 PCT/US99/16880 

on the telephone line and use an infrared transmitter to convert the data to an infrared signal. 
An infrared detector coupled to bus 102 can receive the data carried in the infrared signal 
and place the data on bus 102. Bus 102 carries the data to main memory 106, from which 
processor 104 retrieves and executes the instructions. The instructions received by main 
5 memory 106 may optionally be stored on storage device 110 either before or after execution 
by processor 104. 

Computer system 100 also includes a communication interface 118 coupled to bus 
102. Communication interface 118 provides a two-way data communication coupling to a 
network link 120 that is connected to a local network 122. For example, communication 

10 interface 118 may be an integrated services digital network (ISDN) card or a modem to 
provide a data communication connection to a corresponding type of telephone line. As 
another example, communication interface 118 may be a local area network (LAN) card to 
provide a data communication connection to a compatible LAN. Wireless links may also be 
implemented. In any such implementation, communication interface 118 sends and receives 

15 electrical, electromagnetic or optical signals that carry digital data streams representing 
various types of information. 

Network link 120 typically provides data communication through one or more 
networks to other data devices. For example, network link 120 may provide a connection 
through local network 122 to a host computer 124 or to data equipment operated by an 

20 Internet Service Provider (ISP) 126. ISP 126 in turn provides data communication services 
through the worldwide packet data communication network, now commonly referred to as 
the "Internet" 128. Local network 122 and Internet 128 both use electrical, electromagnetic 
or optical signals that carry digital data streams. The signals through the various networks 
and the signals on network link 120 and through communication interface 118, which carry 

25 the digital data to and from computer system 100, are exemplary forms of carrier waves 
transporting the information. 

Computer system 100 can send messages and receive data, including program code, 
through the network(s), network link 120, and communication interface 118. In the Internet 
example, a server 130 might transmit a requested code for an application program through 

30 Internet 128, ISP 126, local network 122 and communication interface 118. In accordance 
with the invention, one such downloaded application provides for controlling access to a 
resource by voice verification as described herein. The received code may be executed by 
processor 104 as it is received, and/or stored in storage device 1 10, or other non- volatile 

7 
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storage for later execution. In this manner, computer system 100 may obtain application 
code in the form of a carrier wave. 



User Enrollment 

User enrollment is a preliminary procedure in which voice samples of an authorized 
user is obtained. These voice samples are preferably processed into a compact from referred 
to as voice prints, which is used for comparison against voice prints of those users desiring 
to obtain access to the system. User enrollment may occur, for example, as part of the 
installation of voice verification software. 

Referring to FIG. 2, the "user name" of the user is obtained in step 202. The user 
name, which is a text string that can be the user's first name, last name, or user id, similar to 
a login name, serves to identify an authorized user. In one implementation illustrated in 
FIG. 3A, the user name is obtained by means of a text field 302 in a user definition dialog 
box 300. Referring back to FIG. 2 at step 204, the user is prompted (e.g. by an audio 
prompt) to speak a password into a microphone 117. This password can be any word the 
user chooses and is typically the user's name. At step 206, several voice samples of 
password is taken and a composite voice print is extracted from the samples. 

Various techniques can be employed to extract a voice print from a voice sample, but 
the present invention is not limited to any particular technique. One possible technique 
involves buffering the incoming speech signal and processing the buffered speech signal in 
segments of 330 samples with overlaps of 220 samples. Each segment is then windowed 
using a Hamming window and an energy profile of the speech is obtained. Using the energy 
profile, the beginning and end point of an energy event is detected. An energy event, which 
is coincides with a new phone in the utterance, is defined as an occurrence of the energy 
exceeding a minimum threshold for a given number of fi-ames. All energy events are 
indexed for further processing. Each frame corresponding to a detected energy event is 
processed to extract the voice print. Specifically, for each frame, the first ten autocorrelation 
coefficients are calculated and Levinson-Durbin recursion is applied to obtain a tenth order 
LPC (linear predictive coding) coefficient set. From the LPC coefficients, a tenth order 
Cepstrum is then calculated. Accordingly, the final voiceprint is formed as a set of the 10 
Cepstral coefficients for each frame corresponding to a detect energy. 

In addition to taking a voice print of a word of the user's choosing, voice prints for 
additional or supplemental words are taken in one embodiment. These words can be 

8 
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predetermined by the voice enrollment/verification software, or they can be the answers to 
predetermined personal questions such as the user profile questions described hereinafter. 
Thus, in step 208, each supplemental word, e.g. four of them, are prompted for (as by an 
audio prompt), and, in step 210, voice samples are obtained and processed to extract 
corresponding voice prints. 

It is recognized that a user's voice may become unavailable from time to time, for 
example, when the user becomes hoarse after too much talking or comes down with an 
illness such as laryngitis. In one embodiment therefore, an alternative access means is 
provided, wherein the user is prompted in step 212 to answer a number of personal, "user 
profile" questions. Any question that asks for information in the personal knowledge of an 
individual and which the individual is not likely to vmte down is a good candidate for a user 
profile question. 

The dialog box 310 illustrated in FIG. 3B displays one list of possible user profile 
questions that includes, "What is your mother's maiden name?"; "Where was your father 

15 bom?"; "Where was your mother bom?"; "Where did you attend elementary school?"; 

"Where did you attend 7th grade?"; What is the color of your first car?"; "What is the make 
of your first car?"; and "What are the last four digits of your social security number?". At 
step 214, selections of which user profile questions to be used are made and their answers . 
are obtained from the user. 

20 If a plurality of users is supported, then the obtained voice prints and user profile 

answers are stored in association with the user name. Therefore, the user name serves to 
distinguish between different enrolled users. 

As a third access means, a one-time password may be optionally generated in step 
216. The one-time password can be implemented as a string of 16 random characters, which 

25 would only work once as a password. Even though the one-time password is likely to be 
written down, it is valid only once, unlike conventional passwords that are valid until 
explicitly changed, so that the security issues relating to the one-time password can be more 
easily controlled. 

Voice Verification 

^0 As soon as one or more users have been enrolled, the system is ready to control 

access to resources such as files and applications by requiring a user who desires the access 
the resources to undergo a voice verification procedure. In an exemplary voice verification 

9 
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procedure shown in FIG. 4, the user name is obtained in step 402, for example, from a text 
field 502 in dialog box 500 illustrated in FIG. 5A. When the user presses the enter key, 
voice verification dialog box 510 of FIG. 5B is displayed, and the user is prompted in step 
404 (as by an audio prompt) to give the password by speaking into the microphone 1 1 7. 

In step 406, a voice sample of password spoken by the user is obtained, and the voice 
print is then extracted. In addition, at least one of the supplemental words is prompted for 
(step 408) and voice prints for the supplemental words are obtained. Dialog box 510 in FIG. 
5B features a small color screen 512 that indicates a current state of the voice sampling and 
verification process, a button 514 for skipping the voice verification procedure and selecting 
the user profile question alternative authentication method, a button 515 for skipping the 
voice verification procedure and selecting the one-time password alternative authentication 
method, a button 5 1 6 for stopping the voice verification, and a close button 5 1 8 for quitting 
the voice verification process altogether. 

At step 412, if the voice prints from the voice samples input in steps 406 and 410 
match the corresponding voice prints, then the user is considered to be authenticated (step 
414). Various techniques exists for matching an input voice print with an enrolled voice 
point, but the present invention is not limited to any particular technique. In one 
implementation, the voiceprint matching is performed by a dynamic time warping (DTW) 
algorithm that allows for a minimum slope of 0.5 and a maximum slope of 2.0. The shorter 
of the voiceprints to be matched is designated the "guide," and the other voiceprint is 
designated the "slave." Beginning and end point deviations, both on the guide and slave, are 
checked to see if they fall within about one-fifth the length of the slave signal. The distance 
at each point is calculated using a Euclidean measure of comparing a set of weighted 
coefficients from the slave with a set of weighted coefficients from the guide. Once all the 
25 distances are calculated, the path with a minimum sum of distances is determined and the 
cost per node of such path is returned as the dissimilarity measure. If the dissimilarity 
measure falls below a defined threshold, a match is determined to exist, resulting in a 
successful verification. Othenvise, the voice prints are considered umnatched with the result 
being an unsuccessful verification. 

The alternative access method by user profile questions is employed when the 
voiceprints fail (from step 412) or when the user selects the "Use User Profile Questions- 
button 514 in the voice authentication dialog box 510. At step 416, the user profile 
questions dialog box 520 (in FIG. 5C) is displayed, prompting with one of the user profile 
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questions in text box 522. The user profile answer is entered into text field 524 in step 418. 

Preferably, steps 416 and 418 are repeated additional times, but with different user profile 

questions. If all of the questions match in step 420, then the user is authenticated (step 414). 

The user profile questions dialog box 520 also includes a use voice authorization button 525 
5 to go back to step 404 and a use one-time password button 526 to go forward to step 422. 

The close button 528 exits the authentication procedure. 

Still another access method by a one-time is employed when the user profile 

questions fail (from step 420) or when the user selects the "One Time Password" button 515 

in the voice authentication dialog box 510 or the "One Time Password" button 525 in the 
10 user profile questions dialog box 520. At step 422, the one-time dialog box 530 (in FIG. 5D) 

is displayed, prompting for the one-time password in text box 532. The user one-time 

password is entered into text field 534 in step 424. If the one-time password matches in step 

426, then the user is authenticated (step 414). Otherwise, the user is rejected in step 428. 

The one-time password dialog box 530 also includes a use user profile questions button 535 
15 to go back to step 422 and a use voice authorization button 536 to go back to step 404. The 

close button 538 exits the authentication procedure. 

The above-described voice verification procedure is capable of use in a variety of 

different applications as a general replacement for key based passwords. For example, such 

voice verification technology can be used for logging into a computer and/or server. In fact, 
20 a private branch exchange (PBX) at a company can use this technology for controlling 

access to the public switched telephone network (PSTN), especially to reduce unauthorized 

toll charges. 

Resource Security 
Since authorized use is controlled by a voice verification program, it is important to 
25 control the unauthorized access to computer resources such as files and applications outside 
of the voice verification program. In accordance with one embodiment, access to files and 
applications is controlled by encryption. While there are a variety of encryption techniques 
that may be usefully employed, such as RSA, DES (data encryption standard), public key 
encryption, reversible transformation (e.g. exclusive or) with a pseudo-random number 
30 stream, and character substitution tables, the present invention is not limited to any particular 
encryption technique. Encryption of files, whose decryption is performed if the voice 
verification is successful, provides an affordable protection strategy that is appropriate for 
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10 



15 



personal computers and laptops, especially when only some of the files on the computer are 
desired to be protected. 

In some cases, it is important to conceal the name of a file from unauthorized users, 
because the existence and nature of the file may, by itself, constitute valuable information.' 
Accordingly, one embodiment of the invention pertains to a "vault" in which all protected 
files and applications are stored. A vault may be implemented by a directory in the file 
system, in which the name of eve^^ file therein is scrambled. Consequently, a user must first 
be verified to know which files have been placed in the vault. 

FIG. 6A illustrates a main application window 600 that is started after a successfiil 
user authentication. The main application is responsible for managing a plurality of files, 
including executable files for applications, especially by encrypting and decrypting files Ind 
moving encrypted files into and out of the vault. The main application window 600 displays 
a list of files 602 that are being managed. Management information is associated with each 
file, such as the original path (or directory) 604 of the file, the original name 606 of the file, 
and the status 608 of the file. This management information is preferably stored in a file 
block at the end of an encrypted file and also separately in dynamic memory when the voice 
verification management program is running. The management information for unencrypted 
or decrypted files is only stored separately fi-om the files such as in dynamic memory; thus, 
unencrypted files are no longer managed by the system when the main application exits. 

FIG. 6B illustrates a file menu 610 containing file management commands that are 
found in one implemention. The file menu 610 includes collection commands 612 for 
adding and removing files from the current collection 602. Encryption commands 614 are 
also found on the file menu. These encryption commands 614 allow the user to encrypt and 
decrypt files and move encrypted files into and out of the vault. A drag-and-drop interface 
25 may also be used to add and encrypt files (and vice versa). 

FIG. 7 shows steps involved with encr>'pting files under management of a voice 
verification file management program. At step 702, a selected file is encrypted by a desired 
encryption technique. After the file is encrypted, management information about the file, 
such as the original path and name, is collected and appended into a file block that is 
allocated at the end of the file. Furthermore, the extension of the file is renamed in step 704, 
so that outside programs such as MICROSOFT WINDOWS EXPLORERtm can recognize 
that the file is encrypted and useless without the voice verification application. Preferably, 
the file extensions are registered in the system registry to indicate that the voice verification 
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application should be invoked when the encrypted file is doubled clicked or otherwise 
selected in EXPLORER'^'^* or other file management programs. 

Step 706 tests whether the user is requesting to put the file into the vault. This 
request may occur through a separate sub-menu item on the file menu 610 or through a 
5 checkbox or other user input on a dialog box. If the file is requested to be put into the vault, 
execution proceeds to step 708 where the file is copied into the vault directory. At step 710, 
the file name is scrambled, for example, by assigning the file an index number and 
converting the number into printable alphanumeric characters. 

At step 712, the file is checked to see if it is an executable file for a computer 

10 application. If the file is an executable file, then a front-end voice verification program is 
copied into the original name of the executable (step 714). The front-end voice verification 
program is configured, when executed, to receive and verify an input voice sample as 
belonging to an enrolled user. If verified, then the corresponding encrypted application, 
which name differs only in the extension, such as "vexe", is decrypted and launched. 

15 One reason for the different treatment of data files and executable is to preserve a 

consistent double-click interface for using an encrypted file, even in a standard program such 
as EXPLORER'^^^ Although an encrypted application file is no longer executable, the fi*ont- 
end voice verification program is, so that double-clicking on what appears to be an 
executable file still seamlessly works. 

20 Referring back to FIG. 6B, another option in group 614 on the file menu 610 is to 

decrypt files that have been encrypted. FIG. 8 is a flowchart showing steps involved in 
decrypting a file under management of a voice verification file management program. In 
step 802, the file is decrypted. If the file was originally an executable file, determined by 
examining the extension of the file (if 'Vexe") or checking the file data block of file 

25 management information (step 804), then the front-end voice verification program is deleted 
(step 806). Execution resumes at step 808, where the file extension is renamed back to the 
original. If the file was in the vault (tested at step 810), additional processing occurs by 
copying the file to its original directory (step 8 1 2) and the name of the file is renamed back 
to the original name (step 814). The information to perform these actions was stored in a file 

30 data block within the encrypted file. 

Referring yet again to FIG. 6B, another group 616 of operations relate to importing 
and exporting encrypted files, so that another user of the voice verification file management 
can use files that were encrypted for one user. As illustrated in FIG. 6C, an export files 
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encryption key dialog box 620 is presented wherein the exporting user can specify an 
optional encryption key 622 or activate a button 624 to export with no additional key. 

FIG. 9A depicts a user menu 900 that includes an entry for logging off. an entry 902 
for obtaining a one-time password, and an entry for changing the user profile 904. One of 
5 dialog boxes displayed for changing the user profile 904 is a re-enrollment dialog box 910 in 
FIG. 9B, which allows to user to re-enter voice samples. The a re-enrollment dialog box 910 
also provides a test button 914 to test how well the user's utterances are matched and a 
threshold slider 916 for adjusting the threshold setting used for determining a match between 
more tolerant and more secure. FIG. 9C shows an exemplary dialog box 920 that displays a 
1 0 new one-time password 922 that is only valid for a single use. 

While this invention has been described in connection with what is presently 
cor..dered to be the most practical and preferred embodiment, it is to be understood that the 
invention is not limited to the disclosed embodiment, but on the contrary, is intended to 
cover various modifications and equivalent arrangements included within the spirit and 
1 5 scope of the appended claims. 
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WHAT IS CLAIMED IS: 



1 LA method for controlling access to a file, comprising: 

2 receiving an input voice sample from a user; 

3 verifying that the input voice sample belongs to an enrolled user; and 

4 decrypting the file based on a result of said verifying. 

1 2. The method of claim 1, further comprising prompting the user to speak the user's 

2 name before receiving the input voice sample. 

1 3. The method of claim 1, further comprising prompting the user to speak a 

2 predetermined word before receiving the input voice sample. 

1 4. The method of claim 1, wherein verifying that the input voice sample belongs to an 

2 enrolled user includes: 

3 extracting an input voice print from the input voice sample; and 

4 comparing the input voice print with an enrolled voice print extracted from a voice 

5 sample of the enrolled user to determine whether the input voice print matches the 

6 enrolled voice print. 

1 5. The method of claim 4, wherein comparing the input voice print includes: 

2 calculating a dissimilarity measure between the input voice print and the enrolled voice 

3 print; and 

4 comparing the dissimilarity measure with a threshold value. 



6. The method of claim 5, further comprising providing a slider bar in a user interface 
for setting the threshold value. 

7. The method of claim 5, wherein calculating the dissimilarity measure includes 
calculating a cost of a path with a minimum sum of Euclidean distances. 
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1 8. The method of claim 4, wherein extracting the input voice prim from the input voice 

2 sample includes: 

3 segmenting the input voice sample into a plurality of frames; and 

4 calculating a plurality of Cepstral coefficients for each of the frames. 

1 9. The method of claim 4, further comprising: 

2 receiving an enrolled voice sample from the enrolled user; an 

3 extracting the enrolled voice print from the enrolled voice sample. 

1 10. The method of claim 9, fiirther comprising: 

2 receiving a second enrolled voice sample from the enrolled user; and 

3 updating the enrolled voice print by extracting a second enrolled voice print from the 

4 second enrolled voice sample. 

1 11. The method of claim 1, further comprising: 

2 prompting the user to answer a personal question; 

3 receiving a response from the user to the personal question; 

4 comparing the response with an enrolled response; and 
decrypting the file ftirther based on a result of comparing the response. 



5 



1 12. The method of claim 1 1. ftirther comprising selecting the personal question from a 

2 plurality a predetermined personal questions about a color of a car, a make of the car, a name 

3 of an elementary school, a name of a seventh grade school, a father's birth place, a mother's 

4 birth place, a mother's maiden name, and a last number of social security number digits. 

1 13. The method of claim I, ftirther comprising: 

2 generating a single use password; 

3 displaying the single use password; 

4 receiving input of the single use password from the user; and 
decrypting the file further based on said receiving the input of the single use password. 



5 



1 14. A method of controlling access to a plurality of files, comprising: 

2 receiving an input voice sample from a user; 
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3 verifying that the input voice sample belongs to an enrolled user; and 

4 if the input voice sample is verified as belonging to the enrolled user, then presenting a 

5 user interface for providing the user access to the files. 

1 15. The method of claim 14, wherein presenting the user interface includes: 

2 displaying names of the files; 

3 receiving a selection for one of the files; and 

4 decrypting the one of the files. 

1 16. The method of claim 15, further comprising scrambling the names of the files as 

2 stored in a file system. 

1 17. The method of claim 14, wherein presenting the user interface includes: 

2 displaying names of the files; 

3 receiving a selection for one of the files; and 

4 decrypting the one of the files. 

1 18, The method of claim 14, further comprising storing the files in a read-only memory. 

1 19. The method of claim 14, further comprising exporting one of the files in an 

2 encrypted format. 

1 20. A method for controlling access to a computer application, comprising: 

2 receiving an input voice sample fi-om a user; 

3 verifying that the input voice sample belongs to an enrolled user; and 

4 launching the application based on a result of said verifying. 

1 21. The method of claim 20, further comprising: 

2 renaming an executable application file of the computer application from an original 

3 name to a new name; and 

4 storing an executable front-end file with the original name of the executable application 

5 file, said executable front-end file including instructions arranged to perform said 

6 steps of receiving, verifying, and launching. 
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1 22. The method of claim 20, wherein launching the application includes: 

2 decrypting an encrypted executable file of the computer application to produce 

3 decrypted executable file; and 

4 executing the decrypted executable file. 



1 23. A method for controlling access to a computer system, comprising: 

2 receiving an input voice sample firom a user; 

3 verifying that the input voice sample belongs to an enrolled user; and 
granting access to the computer system based on a result of said verifying. 



4 



1 24. A method for controlling access to a public telephone system, comprising: 

2 receiving an input voice sample fi-om a user over a telephone connection to a private 

3 branch exchange; 

4 verifying that the input voice sample belongs to an enrolled user; and 

5 granting access to the public telephone system based on a result of said verifying. 



1 25. A computer-readable medium bearing instructions for controlling access to a file, 

2 said instructions arranged, when executed by one or more processors, to cause the one or 

3 more processors to perform the steps of: 

4 receiving an input voice sample from a user; 

5 verifying that the input voice sample belongs to an enrolled user; and 

6 decrypting the file based on a result of said verifying. 



1 

2 



26. The computer-readable medium of claim 25, wherein said instructions are further 
arranged to cause the one or more processors to perform the step of prompting the 



user to 



3 speak the user's name before receiving the input voice sample. 



1 27. The computer-readable medium of claim 25, wherein said instructions are further 

2 arranged to cause the one or more processors to perform the step of prompting the 

3 speak a predetermined word before receiving the input voice sample. 



user to 
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1 28. The computer-readable medium of claim 25, wherein verifying that the input voice 

2 sample belongs to an enrolled user includes: 

3 extracting an input voice print 

4 from the input voice sample; and 

5 comparing the input voice prim with an enrolled voice print extracted from a voice 

6 sample of the enrolled user to determine whether the input voice print matches the 

7 enrolled voice print. 

1 29. The computer-readable medium of claim 28, wherein comparing the input voice 

2 print includes: 

3 calculating a dissimilarity measure between the input voice print and the enrolled voice 

4 print; and 

5 comparing the dissimilarity measure with a threshold value. 

1 30. The computer-readable medium of claim 29, wherein said instructions are further 

2 arranged to cause the one or more processors to perform the step of providing a slider bar in 

3 a user interface for setting the threshold value. 

1 31. The computer-readable medium of claim 29, wherein calculating the dissimilarity 

2 measure includes calculating a cost of a path with a minimum sum of Euclidean distances. 

1 32. The computer-readable medium of claim 28, wherein extracting the input voice print 

2 from the input voice sample includes: 

3 segmenting the input voice sample into a plurality of frames; and 

4 calculating a plurality of Cepstral coefficients for each of the frames. 

1 33. The computer-readable medium of claim 28, wherein said instructions are further 

2 arranged to cause the one or more processors to perform the steps of 

3 receiving an enrolled voice sample from the enrolled user; an 

4 extracting the enrolled voice print from the enrolled voice sample. 

1 34. The computer-readable medium of claim 33, wherein said instructions are further 

2 arranged to cause the one or more processors to perform the steps of 
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3 receiving a second enrolled voice sample from the enrolled user; and 

4 updating the enrolled voice print by extracting a second enrolled voice print from the 

5 second enrolled voice sample. 

1 35. The computer-readable medium of claim 25, wherein said instructions are frirther 

2 arranged to cause the one or more processors to perform the steps of: 

3 prompting the user to answer a personal question; 

4 receiving a response from the user to the personal question; 

5 comparing the response with an enrolled response; and 

6 decrypting the file further based on a result of comparing the response. 

1 36. The computer-readable medium of claim 35, wherein said instructions are frirther 

2 arranged to cause the one or more processors to perform the step of selecting the personal 

3 question from a plurality a predetermined personal questions about a color of a car, a make 

4 of the car, a name of an elementary school, a name of a seventh grade school, a father's birth 

5 place, a mother's birth place, a mother's maiden name, and a last number of social security 

6 number digits. 

1 37. The computer-readable medium of claim 25, wherein said instructions are frirther 

2 arranged to cause the one or more processors to perform the steps of: 

3 generating a single use password; 

4 displaying the single use password; 

5 receiving input of the single use password from the user; and 

6 decrypting the file further based on said receiving the input of the single use password. 

1 38. A computer-readable medium bearing instructions for controlling access to a 

2 plurality of files, said instructions arranged, when executed by one or more processors, to 

3 cause the one or more processors to perform the steps of: 

4 receiving an input voice sample from a user; 

5 verifying that the input voice sample belongs to an enrolled user; and 

6 if the input voice sample is verified as belonging to the enrolled user, then presenting a 

7 user interface for providing the user access to the files. 
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39. The computer-readable medium of claim 38, wherein presenting the user interface 
includes: 

displaying names of the files; 

receiving a selection for one of the files; and 

decrypting the one of the files. 

40. The computer-readable medium of claim 39, wherein said instructions are further 
arranged to cause the one or more processors to perform the step of scrambhng the names of 
the files as stored in a file system. 

41. The computer-readable medium of claim 38, wherein presenting the user interface 
includes: 

displaying names of the files; 

receiving a selection for one of the files; and 

decrypting the one of the files. 

42. The computer-readable medium of claim 38, wherein said instructions are fiirther 
arranged to cause the one or more processors to perform the step of storing the files in a 
read-only memory. 

43. The computer-readable medium of claim 38, wherein said instructions are further 
arranged to cause the one or more processors to perform the step of exporting one of the files 
in an encrypted format. 

44. A computer-readable medium bearing instructions for controlling access to a 
computer application, wherein said instructions are fiirther arranged to cause the one or more 
processors to perform the steps of: 

receiving an input voice sample from a user; 

verifying that the input voice sample belongs to an eru-olled user; and 
launching the application based on a result of said verifying. 



45. The computer-readable medium of claim 44, wherein said instructions are further 
arranged to cause the one or more processors to perform the steps of: 
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renaming an executable application file of the computer application from an original 
4 name to a new name; and 

storing an executable front-end file with the original name of the executable application 
file, said executable front-end file including instructions arranged to perfomi said 
steps of receiving, verifying, and launching. 



1 46. The computer-readable medium of claim 44, wherein launching the application 

2 includes: 

3 decrypting an encrypted executable file of the computer application to produce a 

4 decrypted executable file; and 

5 executing the decrypted executable file. 



47. A computer system for controlling access to a file, comprising: 
a microphone for receiving an input voice sample from a user; 



3 a storage device for storing the file; 



a processor coupled to microphone and storage device and configured to perfomi the 
5 steps of: 



verifying that the input voice sample belongs to an enrolled user; and 
decrypting the file based on a result of said verifying. 



1 48. A computer system for controlling access to a plurality of files, comprising: 

2 ^ "Microphone for receiving an input voice sample from a user; 

3 a storage device for storing the files; 

4 a processor coupled to microphone and storage device and configured to perfomi the 

5 steps of: 



verifying that the input voice sample belongs to an enrolled user; and 
if the input voice sample is verified as belonging to the enrolled user, then presenting 
a user interface for providing the user access to the files. 

49. A computer system for controlling access to a computer application, comprising: 
a microphone for receiving an input voice sample from a user; 
a storage device for storing the computer application; 
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a processor coupled to microphone and storage device and configured to perform the 
steps of: 

verifying that the input voice sample belongs to an enrolled user; and 
launching the application based on a result of said verifying. 
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